[Snort-devel] tcpdump for false alert on sid:1845
r.fulton at ...1343...
Wed Oct 30 19:49:02 EST 2002
I am running the production release of 1.9.0 and all seems to be well
except that I am getting a lot of false hits on rules 1845 and 1844.
This did not happen on the beta 6 release that I was running before.
I have managed to get a tcpdump file with a single IMAP session that
illustrates the problem (attached).
Russell Fulton, Computer and Network Security Officer
The University of Auckland, New Zealand
"It aint necessarily so" - Gershwin
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 1101 bytes
Desc: not available
More information about the Snort-devel